Community discussions

MikroTik App
 
terrancesiu
just joined
Topic Author
Posts: 4
Joined: Sat Aug 20, 2016 4:53 pm

tunnel split does not work on ikev2

Thu Aug 24, 2017 5:50 am

my chr config
/ip ipsec mode-config
add address-pool=pool1 address-prefix-length=32 name=cfg1 split-include=172.30.0.0/15,192.168.0.0/22 static-dns=192.168.0.13 system-dns=no

/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256,sha1 enc-algorithms=aes-256-cbc,aes-128-cbc pfs-group=none
#ikev1
/ip ipsec peer
add address=0.0.0.0/0 auth-method=rsa-signature certificate=xxxxx comment="IKEv1" compatibility-options=\
    skip-peer-id-validation enc-algorithm=aes-256 generate-policy=port-override mode-config=cfg1 passive=yes
    
#ikev2 
add address=0.0.0.0/0 auth-method=rsa-signature certificate=xxxxx comment="IKEv2" enc-algorithm=\
    aes-256,aes-128 exchange-mode=ike2 generate-policy=port-strict mode-config=cfg1  passive=yes
/ip ipsec policy
set 0 dst-address=172.30.0.0/15 src-address=0.0.0.0/0
add dst-address=192.168.0.0/22 src-address=0.0.0.0/0 template=yes
debug
10:39:30 ipsec initial contact 
10:39:30 ipsec processing payloads: NOTIFY 
10:39:30 ipsec   notify: INITIAL_CONTACT 
10:39:30 ipsec   notify: MOBIKE_SUPPORTED 
10:39:30 ipsec   notify: ESP_TFC_PADDING_NOT_SUPPORTED 
10:39:30 ipsec   notify: NON_FIRST_FRAGMENTS_ALSO 
10:39:30 ipsec peer wants tunnel mode 
10:39:30 ipsec processing payload: CONFIG 
10:39:30 ipsec   attribute: internal IPv4 address 
10:39:30 ipsec   attribute: internal IPv4 DHCP 
10:39:30 ipsec   attribute: internal IPv4 DNS 
10:39:30 ipsec   attribute: internal IPv4 netmask 
10:39:30 ipsec   attribute: internal IPv6 address 
10:39:30 ipsec   attribute: internal IPv6 DHCP 
10:39:30 ipsec   attribute: internal IPv6 DNS 
10:39:30 ipsec   attribute: unknown 0x19 
#10:39:30 ipsec,info acquired 172.31.1.3 address for 123.123.123.123, 10.198.199.249 
#10:39:30 ipsec processing payload: TS_I 
#10:39:30 ipsec 0.0.0.0/0 
#10:39:30 ipsec [::/0] 
#10:39:30 ipsec processing payload: TS_R 
#10:39:30 ipsec 0.0.0.0/0 
#10:39:30 ipsec [::/0] 
#10:39:30 ipsec TSi in tunnel mode replaced with config address: 172.31.1.3 
#10:39:30 ipsec TSr in tunnel mode replaced with first split subnet: 172.30.0.0/15 
#10:39:30 ipsec canditate selectors: 172.30.0.0/15 <=> 172.31.1.3 [/b]
#10:39:30 ipsec canditate selectors: [::/0] <=> [::/0] 
10:39:30 ipsec processing payload: SA 
10:39:30 ipsec IKE Protocol: ESP 
10:39:30 ipsec  proposal #1 
10:39:30 ipsec   enc: aes256-cbc 
10:39:30 ipsec   auth: sha256 
10:39:30 ipsec  proposal #2 
10:39:30 ipsec   enc: aes256-cbc 
10:39:30 ipsec   auth: sha256 
10:39:30 ipsec  proposal #3 
10:39:30 ipsec   enc: aes256-cbc 
10:39:30 ipsec   auth: sha256 
10:39:30 ipsec  proposal #4 
10:39:30 ipsec   enc: aes128-cbc 
10:39:30 ipsec   auth: sha1 
10:39:30 ipsec  proposal #5 
10:39:30 ipsec   enc: 3des-cbc 
10:39:30 ipsec   auth: sha1 
#10:39:30 ipsec searching for policy for selector: 172.30.0.0/15 <=> 172.31.1.3 
10:39:30 ipsec generating policy 
10:39:30 ipsec matched proposal: 
10:39:30 ipsec  proposal #1 
10:39:30 ipsec   enc: aes256-cbc 
10:39:30 ipsec   auth: sha256 
10:39:30 ipsec ike auth: finish 
10:39:30 ipsec my ID (RFC822): vpn.xxx.xxxx
10:39:30 ipsec processing payload: NONCE 
10:39:30 ipsec,debug => auth nonce (size 0x10) 
10:39:30 ipsec,debug 663a48e0 7afe9590 8b0e8c9b 4aacabe7 
10:39:30 ipsec,debug => SK_p (size 0x14) 
10:39:30 ipsec,debug 116aa096 a8ac252c 2cff4786 4d02c50f 4c4acc63 
10:39:30 ipsec,debug => idhash (size 0x14) 
10:39:30 ipsec,debug 60f034a3 957c7030 fa85fb1b a73a48e1 44a0fae4 
10:39:30 ipsec,debug => my auth (size 0x100) 
10:39:30 ipsec,debug bd050008 0b4f717d 9215c4c7 ba4a6630 1c4a94e2 2bb6fce6 5c9b45b9 336c84a4 
10:39:30 ipsec,debug cd28c8ac 1a6d748f 9f9cedeb d61e9a5c 7c37b969 0852f955 5c06fd2a 06509c66 
10:39:30 ipsec,debug 169bbb02 e59c0cb9 45b85c9d 606e62b1 b900aa9d 770e58c4 e139c013 d1b5e9c1 
10:39:30 ipsec,debug e8d6d4e9 112597d9 f110bee8 58e38630 8b2ff526 66577826 55eeafcf 09eaf122 
10:39:30 ipsec,debug 027ca835 11e210da dcac5c3f 5d590c4b ba21f235 b430a5cd 3c27380f 50f55fb7 
10:39:30 ipsec,debug fdf8373c 1f64547d e4906c61 bd899cd3 3acda8ba c3406df6 7f03c5d2 a55f592d 
10:39:30 ipsec,debug b985d954 8a59e61d 3945a48b c91d2947 81d90ba6 3521d012 0aed07a3 01a43c4a 
10:39:30 ipsec,debug 520bade1 e6298db3 0a84a761 d152dd38 4bac08d4 5bcba21e 586e4a1a e7707119 
10:39:30 ipsec adding payload: CERT 
10:39:30 ipsec,debug => (first 0x100 of 0x512) 
10:39:30 ipsec,debug 00000512 04308205 09308203 f1a00302 01020212 04b25fe7 a8e3f9da ff04af64 
10:39:30 ipsec,debug d8862ff4 d824300d 06092a86 4886f70d 01010b05 00304a31 0b300906 03550406 
10:39:30 ipsec,debug 13025553 31163014 06035504 0a130d4c 65742773 20456e63 72797074 31233021 
10:39:30 ipsec,debug 06035504 03131a4c 65742773 20456e63 72797074 20417574 686f7269 74792058 
10:39:30 ipsec,debug 33301e17 0d313730 38323330 36343930 305a170d 31373131 32313036 34393030 
10:39:30 ipsec,debug 5a301e31 1c301a06 03550403 13137670 6e2e7465 7272616e 63657369 752e636f 
10:39:30 ipsec,debug 6d308201 22300d06 092a8648 86f70d01 01010500 0382010f 00308201 0a028201 
10:39:30 ipsec,debug 0100c437 9c5e5839 70b91519 a2d4330a f79083aa 7844dfc3 03074306 d650b0b1 
10:39:30 ipsec adding payload: ID_R 
10:39:30 ipsec,debug => (size 0x1b) 
10:39:30 ipsec,debug 0000001b 03000000 76706e2e 74657272 616e6365 7369752e 636f6d 
10:39:30 ipsec adding payload: AUTH 
10:39:30 ipsec,debug => (first 0x100 of 0x108) 
10:39:30 ipsec,debug 00000108 01000000 bd050008 0b4f717d 9215c4c7 ba4a6630 1c4a94e2 2bb6fce6 
10:39:30 ipsec,debug 5c9b45b9 336c84a4 cd28c8ac 1a6d748f 9f9cedeb d61e9a5c 7c37b969 0852f955 
10:39:30 ipsec,debug 5c06fd2a 06509c66 169bbb02 e59c0cb9 45b85c9d 606e62b1 b900aa9d 770e58c4 
10:39:30 ipsec,debug e139c013 d1b5e9c1 e8d6d4e9 112597d9 f110bee8 58e38630 8b2ff526 66577826 
10:39:30 ipsec,debug 55eeafcf 09eaf122 027ca835 11e210da dcac5c3f 5d590c4b ba21f235 b430a5cd 
10:39:30 ipsec,debug 3c27380f 50f55fb7 fdf8373c 1f64547d e4906c61 bd899cd3 3acda8ba c3406df6 
10:39:30 ipsec,debug 7f03c5d2 a55f592d b985d954 8a59e61d 3945a48b c91d2947 81d90ba6 3521d012 
10:39:30 ipsec,debug 0aed07a3 01a43c4a 520bade1 e6298db3 0a84a761 d152dd38 4bac08d4 5bcba21e 
10:39:30 ipsec adding payload: NOTIFY 
10:39:30 ipsec   notify: INITIAL_CONTACT 
10:39:30 ipsec prepearing internal IPv4 address 
10:39:30 ipsec prepearing internal IPv4 netmask 
10:39:30 ipsec prepearing internal IPv6 subnet 
10:39:30 ipsec prepearing internal IPv6 subnet 
10:39:30 ipsec prepearing internal IPv4 DNS 
10:39:30 ipsec adding payload: CONFIG 
10:39:30 ipsec,debug => (size 0x38) 
10:39:30 ipsec,debug 00000038 02000000 00010004 ac1f0103 00020004 ffffffff 000d0008 ac1e0000 
10:39:30 ipsec,debug fffe0000 000d0008 c0a80000 fffffc00 00030004 c0a8000d 
10:39:30 ipsec initiator selector: 172.31.1.3 
10:39:30 ipsec adding payload: TS_I 
10:39:30 ipsec,debug => (size 0x18) 
10:39:30 ipsec,debug 00000018 01000000 07000010 0000ffff ac1f0103 ac1f0103 
10:39:30 ipsec responder selector: 172.30.0.0/15 
10:39:30 ipsec adding payload: TS_R 
10:39:30 ipsec,debug => (size 0x18) 
10:39:30 ipsec,debug 00000018 01000000 07000010 0000ffff ac1e0000 ac1fffff 
10:39:30 ipsec adding payload: SA 
10:39:30 ipsec,debug => (size 0x2c) 
10:39:30 ipsec,debug 0000002c 00000028 01030403 0cd47867 0300000c 0100000c 800e0100 03000008 
10:39:30 ipsec,debug 0300000c 00000008 05000000 
10:39:30 ipsec,debug,packet => outgoing plain packet (size 0x6ed) 
10:39:30 ipsec,debug,packet 2278c202 d6fc8ec3 d86a867c 20ecaca5 25202320 00000001 000006ed 24000512 
10:39:30 ipsec,debug,packet 04308205 09308203 f1a00302 01020212 04b25fe7 a8e3f9da ff04af64 d8862ff4 
10:39:30 ipsec,debug,packet d824300d 06092a86 4886f70d 01010b05 00304a31 0b300906 03550406 13025553 
10:39:30 ipsec,debug,packet 31163014 06035504 0a130d4c 65742773 20456e63 72797074 31233021 06035504 
10:39:30 ipsec,debug,packet 03131a4c 65742773 20456e63 72797074 20417574 686f7269 74792058 33301e17 
10:39:30 ipsec,debug,packet 0d313730 38323330 36343930 305a170d 31373131 32313036 34393030 5a301e31 
10:39:30 ipsec,debug,packet 1c301a06 03550403 13137670 6e2e7465 7272616e 63657369 752e636f 6d308201 
10:39:30 ipsec,debug,packet 22300d06 092a8648 86f70d01 01010500 0382010f 00308201 0a028201 0100c437 
10:39:30 ipsec,debug,packet 
10:39:30 ipsec,debug,packet 9c5e5839 70b91519 a2d4330a f79083aa 7844dfc3 03074306 d650b0b1 b399dc59 
10:39:30 ipsec,debug,packet 8c950eaa 08a081e3 3ff3b8f8 cb472dc8 27f9719c d82c699c 7825eafe bb8cb431 
10:39:30 ipsec,debug,packet 29a26fc1 1caf1f01 c74fc31d aae4fa17 cc3da0bb 15bd8056 77072c80 7c548bcf 
10:39:30 ipsec,debug,packet 01f6667c 3979578e ec116b41 9d58f4bb f279fe40 b3669cf6 034f9deb 318bc658 
10:39:30 ipsec,debug,packet d0a77279 cf0c82c6 d1688ea5 a86fdf96 80e8d2ad 38a55be6 d0bb031f dc9ad348 
10:39:30 ipsec,debug,packet c234a79b 64574714 87b1ceda 886af2f9 7fef903c 14db6b30 96146b51 7f9e290d 
10:39:30 ipsec,debug,packet 6cbf7b01 b140e7b8 b9fb96f1 94edc571 6605da89 084b9927 73f9415f bfed06bf 
10:39:30 ipsec,debug,packet 176a88ec 52abd142 e4d7bd2f 9559ad63 19afcee4 3882c5de 684137f0 06730203 
10:39:30 ipsec,debug,packet 
10:39:30 ipsec,debug,packet 010001a3 82021330 82020f30 0e060355 1d0f0101 ff040403 0205a030 1d060355 
10:39:30 ipsec,debug,packet 1d250416 30140608 2b060105 05070301 06082b06 01050507 0302300c 0603551d 
10:39:30 ipsec,debug,packet 130101ff 04023000 301d0603 551d0e04 16041442 315579ae 32a67a9a fd31970f 
10:39:30 ipsec,debug,packet e5f7e1a0 9b477c30 1f060355 1d230418 30168014 a84a6a63 047dddba e6d139b7 
10:39:30 ipsec,debug,packet a64565ef f3a8eca1 306f0608 2b060105 05070101 04633061 302e0608 2b060105 
10:39:30 ipsec,debug,packet 05073001 86226874 74703a2f 2f6f6373 702e696e 742d7833 2e6c6574 73656e63 
10:39:30 ipsec,debug,packet 72797074 2e6f7267 302f0608 2b060105 05073002 86236874 74703a2f 2f636572 
10:39:30 ipsec,debug,packet 742e696e 742d7833 2e6c6574 73656e63 72797074 2e6f7267 2f301e06 03551d11 
10:39:30 ipsec,debug,packet 
10:39:30 ipsec,debug,packet 04173015 82137670 6e2e7465 7272616e 63657369 752e636f 6d3081fe 0603551d 
10:39:30 ipsec,debug,packet 200481f6 3081f330 08060667 810c0102 013081e6 060b2b06 01040182 df130101 
10:39:30 ipsec,debug,packet 013081d6 30260608 2b060105 05070201 161a6874 74703a2f 2f637073 2e6c6574 
10:39:30 ipsec,debug,packet 73656e63 72797074 2e6f7267 3081ab06 082b0601 05050702 0230819e 0c819b54 
10:39:30 ipsec,debug,packet 68697320 43657274 69666963 61746520 6d617920 6f6e6c79 20626520 72656c69 
10:39:30 ipsec,debug,packet 65642075 706f6e20 62792052 656c7969 6e672050 61727469 65732061 6e64206f 
10:39:30 ipsec,debug,packet 6e6c7920 696e2061 63636f72 64616e63 65207769 74682074 68652043 65727469 
10:39:30 ipsec,debug,packet 66696361 74652050 6f6c6963 7920666f 756e6420 61742068 74747073 3a2f2f6c 
10:39:30 ipsec,debug,packet 
10:39:30 ipsec,debug,packet 65747365 6e637279 70742e6f 72672f72 65706f73 69746f72 792f300d 06092a86 
10:39:30 ipsec,debug,packet 4886f70d 01010b05 00038201 010087ae 98c1354d 7eebdbbe 998aad93 9ca61f4d 
10:39:30 ipsec,debug,packet a1b118af 294ee1e8 49dcd293 733b110e 4229d889 19ae1981 c57a6ec3 2b5d2fa3 
10:39:30 ipsec,debug,packet d624bc1b 4e41ac57 8fc22f39 4ab38002 eaf0f296 71614e21 9f0a72bf 8c2bfae0 
10:39:30 ipsec,debug,packet a5d593a8 88e29237 5af144eb d90f37bc b083493a c9cc7fc4 dda543ba 7ce9307d 
10:39:30 ipsec,debug,packet ab15144f 294196af 961e86a0 3e992015 49d34c2a 3d09d6e9 51c3c86d dfb53da8 
10:39:30 ipsec,debug,packet ccad8888 121343db b43ec7d2 ff0b30a1 83f53f41 a548fa72 9c2550d4 92daafa2 
10:39:30 ipsec,debug,packet 25e16825 180520bc ad4e37d7 33833dcb 6e6cf630 ef0c051b 17bc78c5 29a61361 
10:39:30 ipsec,debug,packet 
10:39:30 ipsec,debug,packet 6b383df9 2ad03c1f 94ac64f8 ad44aa89 2ed1c577 3b0fe1f9 d57901d9 abca9eb0 
10:39:30 ipsec,debug,packet 15720c2b ca94cda6 def4f1e3 e44f2700 001b0300 00007670 6e2e7465 7272616e 
10:39:30 ipsec,debug,packet 63657369 752e636f 6d290001 08010000 00bd0500 080b4f71 7d9215c4 c7ba4a66 
10:39:30 ipsec,debug,packet 301c4a94 e22bb6fc e65c9b45 b9336c84 a4cd28c8 ac1a6d74 8f9f9ced ebd61e9a 
10:39:30 ipsec,debug,packet 5c7c37b9 690852f9 555c06fd 2a06509c 66169bbb 02e59c0c b945b85c 9d606e62 
10:39:30 ipsec,debug,packet b1b900aa 9d770e58 c4e139c0 13d1b5e9 c1e8d6d4 e9112597 d9f110be e858e386 
10:39:30 ipsec,debug,packet 308b2ff5 26665778 2655eeaf cf09eaf1 22027ca8 3511e210 dadcac5c 3f5d590c 
10:39:30 ipsec,debug,packet 4bba21f2 35b430a5 cd3c2738 0f50f55f b7fdf837 3c1f6454 7de4906c 61bd899c 
10:39:30 ipsec,debug,packet 
10:39:30 ipsec,debug,packet d33acda8 bac3406d f67f03c5 d2a55f59 2db985d9 548a59e6 1d3945a4 8bc91d29 
10:39:30 ipsec,debug,packet 4781d90b a63521d0 120aed07 a301a43c 4a520bad e1e6298d b30a84a7 61d152dd 
10:39:30 ipsec,debug,packet 384bac08 d45bcba2 1e586e4a 1ae77071 192f0000 08000040 002c0000 38020000 
10:39:30 ipsec,debug,packet 00000100 04ac1f01 03000200 04ffffff ff000d00 08ac1e00 00fffe00 00000d00 
10:39:30 ipsec,debug,packet 08c0a800 00fffffc 00000300 04c0a800 0d2d0000 18010000 00070000 100000ff 
10:39:30 ipsec,debug,packet ffac1f01 03ac1f01 03210000 18010000 00070000 100000ff ffac1e00 00ac1fff 
10:39:30 ipsec,debug,packet ff000000 2c000000 28010304 030cd478 67030000 0c010000 0c800e01 00030000 
10:39:30 ipsec,debug,packet 08030000 0c000000 08050000 00 
10:39:30 ipsec adding payload: ENC 
10:39:30 ipsec,debug => (first 0x100 of 0x790) 
10:39:30 ipsec,debug 25000790 8e56d435 e216619a 5267000e 35e6d551 57815b0d ebbba666 d82f6862 
10:39:30 ipsec,debug 091d41a8 2512c544 c57af796 1fcb3589 49f8d7f2 bb5a810c 54fddb81 5a498c7e 
10:39:30 ipsec,debug ab8ec2d0 403f2764 7c38dac3 66c04c71 706485e2 f1958872 6978af7c a1765b41 
10:39:30 ipsec,debug bdd619de f61d8bb2 14255bbf ca8d06e7 83ad4fb6 0f84cc1c 73a84c16 791893d5 
10:39:30 ipsec,debug b1232547 e94dd730 b7663d7d ab2dcbf5 40799ea9 59fafced 7e5896a5 eb039914 
10:39:30 ipsec,debug d9a08bc6 e9144333 56059b13 01d5c911 40749d44 2891e2b9 e30bf812 de10afb5 
10:39:30 ipsec,debug efac8986 825b6014 a4ad6f57 2f6fe2f1 68680ecd 0d918b3e eb1d0ca1 2e9a4ae5 
10:39:30 ipsec,debug cb3f6302 c33a9217 837b7182 b9dd5f31 e247f286 10c06a3b 791ad866 cfba4fa3 
10:39:30 ipsec,debug ===== sending 1964 bytes from serverip[4500] to 123.123.123.123[63754] 
10:39:30 ipsec,debug 1 times of 1968 bytes message will be sent to 123.123.123.123[63754] 
10:39:30 ipsec,debug,packet 2278c202 d6fc8ec3 d86a867c 20ecaca5 2e202320 00000001 000007ac 25000790 
10:39:30 ipsec,debug,packet 8e56d435 e216619a 5267000e 35e6d551 57815b0d ebbba666 d82f6862 091d41a8 
10:39:30 ipsec,debug,packet 2512c544 c57af796 1fcb3589 49f8d7f2 bb5a810c 54fddb81 5a498c7e ab8ec2d0 
10:39:30 ipsec,debug,packet 403f2764 7c38dac3 66c04c71 706485e2 f1958872 6978af7c a1765b41 bdd619de 
10:39:30 ipsec,debug,packet f61d8bb2 14255bbf ca8d06e7 83ad4fb6 0f84cc1c 73a84c16 791893d5 b1232547 
10:39:30 ipsec,debug,packet e94dd730 b7663d7d ab2dcbf5 40799ea9 59fafced 7e5896a5 eb039914 d9a08bc6 
10:39:30 ipsec,debug,packet e9144333 56059b13 01d5c911 40749d44 2891e2b9 e30bf812 de10afb5 efac8986 
10:39:30 ipsec,debug,packet 825b6014 a4ad6f57 2f6fe2f1 68680ecd 0d918b3e eb1d0ca1 2e9a4ae5 cb3f6302 
10:39:30 ipsec,debug,packet c33a9217 837b7182 b9dd5f31 e247f286 10c06a3b 791ad866 cfba4fa3 b5d42f50 
10:39:30 ipsec,debug,packet 4d08b177 947b8173 210d0256 a2c640e9 8d042dca 83c92ab8 0f10f995 2a5b1279 
10:39:30 ipsec,debug,packet f5ecc218 f528c3ed bcec049a f4421d39 f97102bd b5664224 963ff1d3 b98331b3 
10:39:30 ipsec,debug,packet b1cfe20f ac610e96 4b1c5afa e8f16f2d ef732558 a93302de 328dc5c4 662957d3 
10:39:30 ipsec,debug,packet 60b162ae 0d5d2c29 bff4d28f 5d09db17 7eeee513 9474675a af9b6b94 80261889 
10:39:30 ipsec,debug,packet 5f953a5f 61008dfd 1ae28588 a0bf55b1 2cdebc38 b5b683f5 f82da2e1 c642c576 
10:39:30 ipsec,debug,packet 8ce0351c 025caf36 d219652e 8335c159 5b914847 ed7d31d4 c02e9d2d 2650c52b 
10:39:30 ipsec,debug,packet 2acf0768 25164778 9dcda99a eaacb4ed 5ab0d24a d164c7a3 e9d2fc31 bcb0cc2a 
10:39:30 ipsec,debug,packet bbccaf47 22ba92ce c1a7b405 19a76ad7 61fb51e8 980a3dd3 410e741c 881e3244 
10:39:30 ipsec,debug,packet c48568d1 6470af1b 6baa165c c6d13d05 c52087df e3c03ec0 680bb5cd 210b3889 
10:39:30 ipsec,debug,packet cc3fbb96 e1c51608 0a52dbd4 85647f5d 82394d0e e3938790 5d5ad589 a9edc8b0 
10:39:30 ipsec,debug,packet d64a80a8 d85c9232 989ef10f 95f7a12a 57519c5d 171f9d72 9ed78bd2 d0267faa 
10:39:30 ipsec,debug,packet 9aa59205 9659fd32 059ee463 b98bea5f 7a11f940 c7ad4043 d5240e21 469873ce 
10:39:30 ipsec,debug,packet 661a7ee2 cc340100 6ea4b9a8 771f8cee b517295a 0e30df13 3883ff66 aa4e7362 
10:39:30 ipsec,debug,packet 88348498 617f4a89 63d98900 feeeb9c1 2710cf9d 811cda1f 92357bef 17d87347 
10:39:30 ipsec,debug,packet 46bb2f0c 989ac596 0989a628 228cd105 aa9800a3 ec5005b2 850bee37 21d8d99f 
10:39:30 ipsec,debug,packet d8ec6434 ca37b1e3 5437b24f e80c208f 82cc702a dd034dac 7d8a64dc b44c495c 
10:39:30 ipsec,debug,packet 55fc3697 f11083fb dba603ca 1efe8860 7b9655b0 ea09827f f5d75486 f8801040 
10:39:30 ipsec,debug,packet 08a06af0 f73ea607 39d7cacf 88507180 cd666db3 9ec9ba83 69e94fdf 70dd8666 
10:39:30 ipsec,debug,packet 7f5585e3 6076ca91 a92e14c7 479f2e6f 2d4af9bc 96c1da64 8a22da99 2f8f3895 
10:39:30 ipsec,debug,packet fa57e4c6 1a711afe 141b2873 67875232 40a090a6 2dcc8a73 0cb25db0 ca402094 
10:39:30 ipsec,debug,packet 7a2cdc7b 51211c6e 63f1df95 da7a8cf8 c75040c3 c6af2a3c 5f244b01 5e71ce44 
10:39:30 ipsec,debug,packet db0c982b 6f92fff0 76ebe0d7 0ee59966 4e77e9ac 939fa64d 737819f2 19154c15 
10:39:30 ipsec,debug,packet 614416b4 8eabc491 33386f7f bf33f28c 50ab4ee8 917b8503 ea2c4aff 089a022d 
10:39:30 ipsec,debug,packet 40299516 3d7aeb63 6c0d6f32 a19c2207 c0de1507 fcc4249a 28b86b7f d878393f 
10:39:30 ipsec,debug,packet fbccfc03 cc1b0d75 f4058cad dfa7ffad 643598a5 8e9c5773 ea55407d f74739c6 
10:39:30 ipsec,debug,packet efc7a75e 832bba4d 1aaf1c90 81cbaa38 80613642 d90b0ecc 838ea7cf 27c86f26 
10:39:30 ipsec,debug,packet 016ad073 b47da573 1e4d86d1 16131318 aa83e1ad 33c11ba9 19bd33c6 efef9d00 
10:39:30 ipsec,debug,packet 1bdaccbe 8aabe72a 1cb0f7f6 eae748d0 efdafaf2 bd55c65d 9331636e 731a1dd1 
10:39:30 ipsec,debug,packet 1a317546 87042282 9becf488 587f4ffc badcdf5b 7a6645f6 db4cd074 621cfd7b 
10:39:30 ipsec,debug,packet 85293e78 0eb6af80 83be8b52 f6546034 70eb6fe8 972c5ff0 41b21776 390c2036 
10:39:30 ipsec,debug,packet 29bc84e3 e55b9fb4 25ad4bb0 0ff1d94c 2663bf2c e0dc5dd6 d8390f04 ae7a336e 
10:39:30 ipsec,debug,packet a2d7ade0 ea1e028b 45118e38 4112ae05 bae0f096 8335bc8b 3a4ff6cc 92992710 
10:39:30 ipsec,debug,packet ffd29d23 de88a71e a1d4de52 8cf02caa 56a02638 2083443d 64dea839 7dbd2be0 
10:39:30 ipsec,debug,packet dad978a4 0a209ad6 214581ad 06086cff 619c2e2d 66a264cc a4fc9976 8847e3c4 
10:39:30 ipsec,debug,packet a69fcd9a a844c573 fd9b9c73 b5fe47a8 1168dd1e 1a6e4042 b57239d9 2c70aa96 
10:39:30 ipsec,debug,packet 9b1949c5 6a611a7b 93918b1c 877d74de e437d5b7 725940d7 79d1d76e 861f6cb2 
10:39:30 ipsec,debug,packet b99e7642 4459d14a 12667aeb 447a6b39 35e149bb 45f53400 7d6f9679 7854a543 
10:39:30 ipsec,debug,packet 1ca6d866 d4197ee7 88ae7a38 bb8be88c 40d18c53 426f80bf ec8756a6 5b36d83b 
10:39:30 ipsec,debug,packet 5680d49c 75917d06 efa95756 52d33909 43ecc967 5eed0b96 f64fc18e fd33c5c3 
10:39:30 ipsec,debug,packet 4f59c686 73a92a5d a8cace95 14ac92b5 855be487 71f66d35 927c032c 8a0d996d 
10:39:30 ipsec,debug,packet 612e7a99 f2204b55 229cc748 01d86a52 d8a5b286 b33df27d 8d7c784e 71f8186f 
10:39:30 ipsec,debug,packet 480aec0c 3d75f7e9 edcb7d81 749f5127 767ba34e 0dc2ef1c c1d15d8f 53e67b6f 
10:39:30 ipsec,debug,packet 9e0e52e5 87552d67 1834110f 3e8bae2c a19add08 076dcdea e7b3a8c7 bb5933b4 
10:39:30 ipsec,debug,packet 8460de8e 985dfd4f cec06c44 e09333f5 bc1b46c0 4c922e96 f95b7a90 47e25f4f 
10:39:30 ipsec,debug,packet 65c641a8 184a048f b4b482dc bfd266af a5c2b19e 5e4f1dff 0a51a72a d6951c99 
10:39:30 ipsec,debug,packet d03651d5 455fd96b 72042004 b83cab2a e192025e b3849400 5c6c0b11 bb8b1e48 
10:39:30 ipsec,debug,packet a53d7d46 c898c623 8e2f64be 3313bd22 2eabc3f3 afccba4d d6da4f23 707a914d 
10:39:30 ipsec,debug,packet 582ff1b7 dbaa7c58 65a58734 fb9c193a 06f0ab56 9bde2da7 5abeec12 dff28ee1 
10:39:30 ipsec,debug,packet 6554c37b 976548f1 1aa4b4a1 5a868264 9bafb8b7 e3c6b2ae 1cf074b2 49c2408d 
10:39:30 ipsec,debug,packet 0c254edc 6dfa3500 7a3dc49b ae4c6ffe 7f08ca79 e56ff997 c2636e7f d1ea6335 
10:39:30 ipsec,debug,packet 45bbf11d 874417e2 f7eb7222 cc7cb94e 0f545434 b2d71178 1fbc02cd 7c1c96a0 
10:39:30 ipsec,debug,packet d4b170ee 1cf830c7 896f5588 63549718 36309751 16044df1 4dbf62b6 48bf305e 
10:39:30 ipsec,debug,packet 6333587d b7bf36c0 8b6d4f8e 
10:39:30 ipsec,debug => child keymat (size 0x8c) 
10:39:30 ipsec,debug afa2ded9 458481f4 f9924cde 539936b3 cdff8cca 42605229 bb121791 e68118a6 
10:39:30 ipsec,debug 7dba218d 478ef44a e220f119 e780cb62 8283a624 d5507326 f641f3f6 bee45243 
10:39:30 ipsec,debug 4b40aa69 9fe7a672 1519d03e a67e27a7 c4271446 1b184b85 4cd40812 0245fb62 
10:39:30 ipsec,debug 58099736 3e58b9e6 94cf129a 4d50f11b 60f533be b5a761f0 d7c47915 083b7011 
10:39:30 ipsec,debug e30dbaf1 9a4ee30c d43dd156 
10:39:30 ipsec IPsec-SA established: 123.123.123.123[63754]<->serverip[4500] spi=0xcd47867 
10:39:30 ipsec IPsec-SA established: serverip[4500]<->123.123.123.123[63754] spi=0x888703f 
10:39:32 ipsec,debug ===== received 76 bytes from 123.123.123.123[63754] to serverip[4500] 
10:39:32 ipsec,debug,packet 2278c202 d6fc8ec3 d86a867c 20ecaca5 2e202508 00000002 0000004c 2a000030 
10:39:32 ipsec,debug,packet b301c835 8ae4d2ca 21ac768f 89c6ff96 af9aa155 2451b9e9 e30fd853 9536ce07 
10:39:32 ipsec,debug,packet 35e97fc2 f853d9ef a437cd3a 
10:39:32 ipsec ike2 request, exchange: INFORMATIONAL:2 123.123.123.123[63754] 
10:39:32 ipsec payload seen: ENC 
10:39:32 ipsec processing payload: ENC 
10:39:32 ipsec,debug => iv (size 0x10) 
10:39:32 ipsec,debug b301c835 8ae4d2ca 21ac768f 89c6ff96 
10:39:32 ipsec,debug decrypted 
10:39:32 ipsec,debug,packet => decrypted packet (size 0x8) 
10:39:32 ipsec,debug,packet 00000008 01000000 
10:39:32 ipsec payload seen: DELETE 
10:39:32 ipsec respond: info 
10:39:32 ipsec processing payloads: NOTIFY (none found) 
10:39:32 ipsec processing payloads: DELETE 
10:39:32 ipsec delete IKE SA 
10:39:32 ipsec,debug,packet => outgoing plain packet (size 0x1c) 
10:39:32 ipsec,debug,packet 2278c202 d6fc8ec3 d86a867c 20ecaca5 00202520 00000002 0000001c 
10:39:32 ipsec adding payload: ENC 
10:39:32 ipsec,debug => (size 0x80) 
10:39:32 ipsec,debug 00000080 9536ce07 35e97fc2 f853d9ef a437cd3a c804d023 841b5b00 0fa44394 
10:39:32 ipsec,debug 10192a3a 904766da 516383f7 eaa46778 7aa02d53 725c5eee dc746b9a 03efbc01 
10:39:32 ipsec,debug 62b5a553 84ed051d 3330bca2 d0249eee c40da067 31f61189 b30075ae 6b03e38b 
10:39:32 ipsec,debug 3648a1e6 184099e7 c1f71076 a6aff966 735ea43d 00000200 0008fffe 00000300 
10:39:32 ipsec,debug ===== sending 156 bytes from serverip[4500] to 123.123.123.123[63754] 
10:39:32 ipsec,debug 1 times of 160 bytes message will be sent to 123.123.123.123[63754] 
10:39:32 ipsec,debug,packet 2278c202 d6fc8ec3 d86a867c 20ecaca5 2e202520 00000002 0000009c 00000080 
10:39:32 ipsec,debug,packet 9536ce07 35e97fc2 f853d9ef a437cd3a c804d023 841b5b00 0fa44394 10192a3a 
10:39:32 ipsec,debug,packet 904766da 516383f7 eaa46778 7aa02d53 725c5eee dc746b9a 03efbc01 62b5a553 
10:39:32 ipsec,debug,packet 84ed051d 3330bca2 d0249eee c40da067 31f61189 b30075ae 6b03e38b 3648a1e6 
10:39:32 ipsec,debug,packet 184099e7 c1f71076 a6aff966 735ea43d 677f2fa5 56b4b12b a53584cb 
10:39:32 ipsec,info killing ike2 SA: serverip[4500]-123.123.123.123[63754] spi:d86a867c20ecaca5:2278c202d6fc8ec3 
10:39:32 ipsec IPsec-SA killing: 123.123.123.123[63754]<->serverip[4500] spi=0xcd47867 
10:39:32 ipsec IPsec-SA killing: serverip[4500]<->123.123.123.123[63754] spi=0x888703f 
10:39:32 ipsec removing generated policy 
10:39:32 ipsec KA remove: serverip[4500]->123.123.123.123[63754] 
10:39:32 ipsec,debug KA tree dump: serverip[4500]->123.123.123.123[63754] (in_use=2) 
10:39:32 ipsec,debug KA tree dump: serverip[4500]->123.123.123.123[63754] (in_use=1) 
10:39:32 ipsec,debug KA tree dump: serverip[4500]->123.123.123.123[63754] (in_use=1) 
10:39:32 ipsec,debug KA removing this one... 
10:39:32 ipsec,info releasing address 172.31.1.3 
client ip = 123.123.123.123
serverip = dynamic

From the debug log to see, only match the 172.30.0.0/15 this subnet, and 192.168.0.0/22 is ignored!

client apple ios 10.3.3
 
User avatar
emils
MikroTik Support
MikroTik Support
Posts: 719
Joined: Thu Dec 11, 2014 8:53 am

Re: tunnel split does not work on ikev2

Thu Aug 24, 2017 1:09 pm

First of all, swap src-address and dst-address for both your policies in places. Src-address should consist of the split network. Dst-address should be your peer network.

Who is online

Users browsing this forum: Renfrew and 240 guests